none
Update Active Directory schema

    Question

  • Hi,

    Can anyone explain me, how and when the schema should update ? 

    Also what all the prerequisites before we do this ?


    • Edited by Mcteer Wednesday, April 26, 2017 4:47 AM
    Wednesday, April 26, 2017 4:42 AM

Answers

  • Hi,
    Typically, the AD schema is extended for a number of reasons. For many organizations, the most common reason is the implementation of an application that requires a schema extension.  Microsoft Exchange is a perfect example of this. Third-party software vendors also sometimes require schema extensions to support their application. Also quite common is extending the schema to support an internally developed application, or to provide a location to store proprietary data in AD.
    Before starting any schema update, it is important to
    Ensure a good backup of at least the DC’s that have the FSMO roles. This will allow you to restore quickly in case something does go wrong
    Verify proper replication between your DC’s. Run repadmin /replsum /bysrc /bydst /sort:delta on every DC and look for failures. If you have failures, you need to fix those prior to running the update.
    Realize that there is no automatic o rollback scenario for a schema update. If it goes wrong or if you applied it by mistake, you’ll have to go back and restore your DC.
    How to update AD schema: https://technet.microsoft.com/en-us/library/dd764491(v=ws.10).aspx
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Proposed as answer by Todd Heron Wednesday, April 26, 2017 10:48 AM
    • Marked as answer by Mcteer Sunday, April 30, 2017 6:02 PM
    Wednesday, April 26, 2017 8:03 AM
    Moderator
  • Hi,

    Can anyone explain me, how and when the schema should update ? 

    Also what all the prerequisites before we do this ?


    Simply,need to update schema on migration scenarios,like exchange&Lync migration,DC migration or add LAPS to domain.Also you can update schema for to take advantages of new features.(like AD recylebin,FGPP on server 2008r2,etc..)

    To perform check the article;

    http://www.dell.com/support/article/gt/en/gtbsdt1/SLN289378/windows-server---how-to-upgrade-the-active-directory-schema?lang=EN

    But you should known that,You can't rollback schema update's.For this you should restore forest..


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Mcteer Sunday, April 30, 2017 6:02 PM
    Wednesday, April 26, 2017 8:20 AM

All replies

  • Hi,

    Whenever you are upgrading or Migrating higher version of any application which is dependent on Active directory in that case you have to update Schema, like Exchange migration from 2010 to Exchange 2013.

    Schema Update make changes in Classes and attribute according to the application requirement

    Please refer below links for more information

    • The schema is the Active Directory Domain Services (AD DS) component that defines all the objects and attributes that the directory service uses to store data.
    • https://technet.microsoft.com/en-us/library/cc626143(v=ws.10).aspx

    • PowerShell Active Directory Schema Update Report
    • https://gallery.technet.microsoft.com/PowerShell-Active-4ffedca4

    With Regards

    • Proposed as answer by Todd Heron Wednesday, April 26, 2017 10:48 AM
    Wednesday, April 26, 2017 5:20 AM
  • It depends of what you are trying to do. You should first be part of Schema Admins group then proceed with the procedure related to the application you have (Usually, you have executable files that, once launched, will do what is required).

    If you would like to add custom attributes, please refer to this: https://social.technet.microsoft.com/wiki/contents/articles/20319.how-to-create-a-custom-attribute-in-active-directory.aspx


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Wednesday, April 26, 2017 7:26 AM
  • Hi,
    Typically, the AD schema is extended for a number of reasons. For many organizations, the most common reason is the implementation of an application that requires a schema extension.  Microsoft Exchange is a perfect example of this. Third-party software vendors also sometimes require schema extensions to support their application. Also quite common is extending the schema to support an internally developed application, or to provide a location to store proprietary data in AD.
    Before starting any schema update, it is important to
    Ensure a good backup of at least the DC’s that have the FSMO roles. This will allow you to restore quickly in case something does go wrong
    Verify proper replication between your DC’s. Run repadmin /replsum /bysrc /bydst /sort:delta on every DC and look for failures. If you have failures, you need to fix those prior to running the update.
    Realize that there is no automatic o rollback scenario for a schema update. If it goes wrong or if you applied it by mistake, you’ll have to go back and restore your DC.
    How to update AD schema: https://technet.microsoft.com/en-us/library/dd764491(v=ws.10).aspx
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Proposed as answer by Todd Heron Wednesday, April 26, 2017 10:48 AM
    • Marked as answer by Mcteer Sunday, April 30, 2017 6:02 PM
    Wednesday, April 26, 2017 8:03 AM
    Moderator
  • Hi,

    Can anyone explain me, how and when the schema should update ? 

    Also what all the prerequisites before we do this ?


    Simply,need to update schema on migration scenarios,like exchange&Lync migration,DC migration or add LAPS to domain.Also you can update schema for to take advantages of new features.(like AD recylebin,FGPP on server 2008r2,etc..)

    To perform check the article;

    http://www.dell.com/support/article/gt/en/gtbsdt1/SLN289378/windows-server---how-to-upgrade-the-active-directory-schema?lang=EN

    But you should known that,You can't rollback schema update's.For this you should restore forest..


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Marked as answer by Mcteer Sunday, April 30, 2017 6:02 PM
    Wednesday, April 26, 2017 8:20 AM